From 6dee08d14f7a8a51691b799592774e805d6f8707 Mon Sep 17 00:00:00 2001
From: Tony Arcieri <bascule@gmail.com>
Date: Thu, 7 Jan 2016 11:02:31 -0800
Subject: [PATCH] Remove 512-bit DH group
512-bit DH keys are severely weak and have been implicated in recent attacks:
https://weakdh.org/
---
lib/openssl/pkey.rb | 8 --------
diff --git a/lib/openssl/pkey.rb b/lib/openssl/pkey.rb
index 3f65adad..89563b65 100644
--- a/ext/openssl/lib/openssl/pkey.rb
+++ b/ext/openssl/lib/openssl/pkey.rb
@@ -4,13 +4,6 @@ module PKey
if defined?(OpenSSL::PKey::DH)
class DH
- DEFAULT_512 = new <<-_end_of_pem_
------BEGIN DH PARAMETERS-----
-MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
-zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
------END DH PARAMETERS-----
- _end_of_pem_
-
DEFAULT_1024 = new <<-_end_of_pem_
-----BEGIN DH PARAMETERS-----
MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
@@ -23,7 +16,6 @@ class DH
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
warn "using default DH parameters." if $VERBOSE
case keylen
- when 512 then OpenSSL::PKey::DH::DEFAULT_512
when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
else
nil
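Review bot: The only default this callback still returns is `DEFAULT_1024` (the `when 1024` branch), and the weakdh.org page cited in the commit message recommends 2048-bit or stronger groups, so the remaining default is still below that bar. A request for `keylen` 512 now falls through to `else nil`; that looks intentional but nothing says so, and a comment above the `else` such as `# 512-bit (export-grade) requests intentionally get no parameters; see https://weakdh.org/` would help keep the branch from being re-added. Removing the public constant `DEFAULT_512` in the first hunk will presumably raise `NameError` in any caller that still references it, which deserves a changelog note. The lambda's body continues past the end of this hunk.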